Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.

In this issue — September 21, 2016

  • An ordinary American terrorist
  • Judge Gives State Dept. Tongue-Lashing over Clinton Records
  • Two-Thirds of CIOs Say Cyber-Threats, Led by Ransomware, Are Increasing
  • 5 Revelations from the OPM Breach Report
  • House Intelligence Committee Urges No Pardon for Snowden
  • Study: 1 in 50 Employees Is a Malicious Insider
  • At Least 4 Freed Gitmo Detainees Have Returned to Terrorism this Year
  • U.S. Spies ‘Playing Catch-Up’ Against Russia
  • Just Wait Until Hackers Start Releasing Fake Documents
  • Report: Climate Change Could Pose ‘Significant Risk’ to National Security

An ordinary American terrorist (CNN.com, 9/20/16)

Ahmad Khan Rahami, the suspect in this weekend’s New York City and New Jersey terrorist attacks, is in many ways quite typical of jihadist terrorists in the United States since 9/11.
He is an American citizen, not a foreigner, a refugee or a recent immigrant.
That is overwhelmingly the profile of the approximately 360 jihadist terrorists who have been indicted or convicted in the States since 9/11 of crimes ranging in seriousness from sending small sums of money to an overseas terrorist organization to murder. According to research by New America, 80% of these militants are American citizens or legal permanent residents.

They are also not the young hotheads of popular imagination. Their average age is 28, a third are married and a third have children. Rahami, age 28, is married and has a daughter.

Judge Gives State Dept. Tongue-Lashing over Clinton Records (Politico, 9/19/16)

A federal judge lashed out at the State Department this week over what he charged was foot-dragging over Freedom of Information Act requests relating to Hillary Clinton’s service as secretary of state.  “You have a client that, to say the least, is not impressing the judges on this court, myself included. … It is in your client’s interest to start being more obviously cooperative,” U.S. District Court Judge Richard Leon warned Justice Department lawyers in a hearing.

The 10-minute hearing took place on a suit for records on how — and whether — Clinton and her aides were trained to handle classified information.  State had proposed a deadline of Oct. 17 to produce about 450 unclassified documents relating to the training issue sought by the Daily Caller News Foundation.

Two-Thirds of CIOs Say Cyber-Threats, Led by Ransomware, Are Increasing (Tech Republic, 9/16/16)

Cyber-threats are a serious and growing concern, according to the FBI, with cyber intrusions becoming more commonplace, complex, and dangerous.  Zero-day exploits, spear-phishing, and sophisticated malware attacks have made headlines as companies lose billions of dollars each year repairing systems hit by such attacks.

Ransomware attacks, in particular, have been rapidly multiplying.  Between April 2015 and March 2016, more than 718,500 users were hit with encryption ransomware—an increase of 550%, according to research from Kaspersky Lab.  CIOs are often responsible for protecting their organization’s data from cybercrime attempts.  We recently polled our panel of IT leaders on cybersecurity threats.  When asked, “Do you think the level of Internet security threats has increased in the last year?” 67% said yes.

5 Revelations from the OPM Breach Report (Eweek, 9/15/16)

In its recent 231-page report on the massive Office of Personnel Management data breach, the U.S. House of Representatives’ Committee on Oversight and Government Reform spelled out the series of missteps that resulted in the treasure trove of data stolen by digital spies working on behalf of another nation.  “OPM leadership failed to heed repeated recommendations from its Inspector General, failed to sufficiently respond to growing threats of sophisticated cyberattacks, and failed to prioritize resources for cybersecurity,” the committee’s leaders stated.

While acknowledging those missteps, many security experts took exception to the tone of the report and instead argued that the lack of action, which in hindsight seems so obvious, is a current fixture at most companies and organizations.

House Intelligence Committee Urges No Pardon for Snowden (NYT, 9/15/16)

Lawmakers on the House Intelligence Committee unanimously signed a letter to President Obama last week asking him not to pardon Edward J. Snowden, the former intelligence contractor who leaked troves of information about National Security Agency surveillance and data collection in 2013.  “We urge you not to pardon Edward Snowden, who perpetrated the largest and most damaging public disclosure of classified information in our nation’s history,” the bipartisan letter said.

“If Mr. Snowden returns from Russia,” the letter continued, “where he fled in 2013, the U.S. government must hold him accountable for his actions.”  The committee also said it had completed a 36-page report summarizing the results of its multiyear investigation into the leaks and their effect.

Study: 1 in 50 Employees Is a Malicious Insider (Info Security, 9/15/16)

New research from Imperva has revealed that one in 50 employees is believed to be a malicious insider, with over a third (36%) of companies surveyed claiming to have experienced security incidents as a result of malicious staff within the last year.  What’s more, the firm was quick to reaffirm Gartner research that suggests, contrary to popular belief, malicious insiders are not always departing staff with a grudge who cause as much disruption as they can before they leave an organization.

“While insider data thefts are often anticipated when employees leave an organization, our research suggests many insiders with bad intentions have no intention of leaving but prefer to turn their access to information into a second income stream,” Gartner’s report said.

At Least 4 Freed Gitmo Detainees Have Returned to Terrorism this Year (VICE News, 9/15/16)

The U.S. government has confirmed that at least two Guantanamo Bay detainees released by President Barack Obama’s administration, and at least two more released by George W. Bush’s administration, “returned to terrorist activities” in the first six months of 2016. That’s according to a recidivism report released last week by the Office of the Director of National Intelligence.

The report does not publicly identify the former detainees, nor does it provide details about the activities in which they allegedly engaged.  The report’s definition of “terrorist” or “insurgent” activities includes “conducting a suicide bombing, financing terrorist operations, recruiting others for terrorist operations, and arranging for movement of individuals involved in terrorist operations.”

U.S. Spies ‘Playing Catch-Up’ Against Russia (Business Insider, 9/15/16)

After extensively focusing on the War on Terror both at home and abroad, it seems the nation’s spying capabilities against Russia have taken a drastic hit.  In a major directional shift, a senior U.S. intelligence official recently claimed that although terrorism was a top concern, the White House and the Office of the Director of National Intelligence had now prioritized Russia on their list of intelligence priorities — the first time since the collapse of the USSR.

Officials have said that while their respective intelligence agencies focused on other matters for the last several years, Russia had been upping its intelligence and military capabilities.  Russia’s international moves over the past two years, such as its annexation of Crimea and interference in Syria, have caught the U.S. off-guard and served to highlight how far intelligence capabilities have slipped.

Just Wait Until Hackers Start Releasing Fake Documents (Defense One, 9/15/16)

In the past few years, the devastating effects of hackers breaking into an organization’s network, stealing confidential data, and publishing everything have been made clear.  It happened to the Democratic National Committee, to Sony, to the National Security Agency, to the cyber-arms weapons manufacturer Hacking Team, and to the online adultery site Ashley Madison.

In all of these instances, the documents were real: the email conversations, still-secret product details, strategy documents, salary information, and everything else.  But what if hackers were to alter documents before releasing them?  This is the next step in what’s called “organizational doxing”—and the effects can be much worse.

Report: Climate Change Could Pose ‘Significant Risk’ to National Security (ABC News, 9/14/16)

A bipartisan group of military experts has released a statement and two reports arguing that climate change poses a significant risk to U.S. national security.  The statement, released by the Climate Security Consensus project, argues that the effects of climate change will put a strain on water, food, and energy supplies, which can result in “unique and hard-to-predict security risks.”

“The effects of climate change present a strategically-significant risk to U.S. national security and international security,” the statement said.  It argued that the “U.S. must advance a comprehensive policy for addressing this risk.”